U ڲg@sdZddlZddlZddlZddlZddlmZddlm Z ddlm Z e Z dddd d d gZ ed d dgZGdddZGdddeZGdddeZGdddeZddZdS)zFirebase credentials module.N)requests) credentials)service_accountz.https://www.googleapis.com/auth/cloud-platformz)https://www.googleapis.com/auth/datastorez5https://www.googleapis.com/auth/devstorage.read_writez(https://www.googleapis.com/auth/firebasez/https://www.googleapis.com/auth/identitytoolkitz.https://www.googleapis.com/auth/userinfo.emailAccessTokenInfoZ access_tokenexpiryc@s eZdZdZddZddZdS)Basez>Provides OAuth2 access tokens for accessing Firebase services.cCs |}|tt|j|jS)zFetches a Google OAuth2 access token using this credential instance. Returns: AccessTokenInfo: An access token obtained using the credential. )get_credentialZrefresh_requestrtokenr)selfZ google_credr >/tmp/pip-unpacked-wheel-p0r7i5ii/firebase_admin/credentials.pyget_access_token/s zBase.get_access_tokencCstdS)z?Returns the Google credential instance used for authentication.N)NotImplementedErrorr r r r r9szBase.get_credentialN)__name__ __module__ __qualname____doc__rrr r r r r,s rcsPeZdZdZdZfddZeddZeddZed d Z d d Z Z S) Certificatez9A credential initialized from a JSON certificate keyfile.rc stt|t|r6t|}t|}W5QRXnt|trF|}nt d || d|j krtt d |j zt jj|td|_Wn0t k r}zt d |W5d}~XYnXdS)a]Initializes a credential from a Google service account certificate. Service account certificates can be downloaded as JSON files from the Firebase console. To instantiate a credential from a certificate file, either specify the file path or a dict representing the parsed contents of the file. Args: cert: Path to a certificate file or a dict representing the contents of a certificate. Raises: IOError: If the specified certificate file doesn't exist or cannot be read. ValueError: If the specified certificate is invalid. z}Invalid certificate argument: "{0}". Certificate argument must be a file path, or a dict containing the parsed file contents.typezZInvalid service account certificate. Certificate must contain a "type" field set to "{0}".Zscopesz?Failed to initialize a certificate credential. Caused by: "{0}"N)superr__init__ _is_file_pathopenjsonload isinstancedict ValueErrorformatget_CREDENTIAL_TYPEr CredentialsZfrom_service_account_info_scopes _g_credential)r cert json_file json_dataerror __class__r r rCs0   zCertificate.__init__cCs|jjSN)r& project_idrr r r r.fszCertificate.project_idcCs|jjSr-)r&signerrr r r r/jszCertificate.signercCs|jjSr-)r&service_account_emailrr r r r0nsz!Certificate.service_account_emailcCs|jSzReturns the underlying Google credential. Returns: google.auth.credentials.Credentials: A Google Auth credential instance.r&rr r r rrszCertificate.get_credential) rrrrr#rpropertyr.r/r0r __classcell__r r r+r r>s #   rcs<eZdZdZfddZddZeddZdd ZZ S) ApplicationDefaultz(A Google Application Default credential.cstt|d|_dS)zCreates an instance that will use Application Default credentials. The credentials will be lazily initialized when get_credential() or project_id() is called. See those methods for possible errors raised. N)rr5rr&rr+r r r}szApplicationDefault.__init__cCs||jS)a:Returns the underlying Google credential. Raises: google.auth.exceptions.DefaultCredentialsError: If Application Default credentials cannot be initialized in the current environment. Returns: google.auth.credentials.Credentials: A Google Auth credential instance.)_load_credentialr&rr r r rsz!ApplicationDefault.get_credentialcCs||jS)aReturns the project_id from the underlying Google credential. Raises: google.auth.exceptions.DefaultCredentialsError: If Application Default credentials cannot be initialized in the current environment. Returns: str: The project id.)r6 _project_idrr r r r.s zApplicationDefault.project_idcCs |jstjjtd\|_|_dS)Nr)r&googleauthdefaultr%r7rr r r r6sz#ApplicationDefault._load_credential) rrrrrrr3r.r6r4r r r+r r5zs    r5csPeZdZdZdZfddZeddZeddZed d Z d d Z Z S) RefreshTokenz8A credential initialized from an existing refresh token.Zauthorized_userc stt|t|r6t|}t|}W5QRXnt|trF|}nt d || d|j krtt d |j t j|t|_dS)aInitializes a credential from a refresh token JSON file. The JSON must consist of client_id, client_secret and refresh_token fields. Refresh token files are typically created and managed by the gcloud SDK. To instantiate a credential from a refresh token file, either specify the file path or a dict representing the parsed contents of the file. Args: refresh_token: Path to a refresh token file or a dict representing the contents of a refresh token file. Raises: IOError: If the specified file doesn't exist or cannot be read. ValueError: If the refresh token configuration is invalid. zInvalid refresh token argument: "{0}". Refresh token argument must be a file path, or a dict containing the parsed file contents.rzSInvalid refresh token configuration. JSON must contain a "type" field set to "{0}".N)rr;rrrrrrrr r!r"r#rr$Zfrom_authorized_user_infor%r&)r refresh_tokenr(r)r+r r rs   zRefreshToken.__init__cCs|jjSr-)r& client_idrr r r r=szRefreshToken.client_idcCs|jjSr-)r& client_secretrr r r r>szRefreshToken.client_secretcCs|jjSr-)r&r<rr r r r<szRefreshToken.refresh_tokencCs|jSr1r2rr r r rszRefreshToken.get_credential) rrrrr#rr3r=r>r<rr4r r r+r r;s    r;cCs,zt|WdStk r&YdSXdS)NTF)pathlibPath TypeError)pathr r r rs  r)r collectionsrr?Z google.authr8Zgoogle.auth.transportrZ google.oauth2rrRequestr r% namedtuplerrrr5r;rr r r r s*    <'9